Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

Organisations set for a day of chaos on 14 April as vendors plan to fix 500-plus software vulnerabilities at once

Software giants will release fixes for hundreds of bugs in unison for the second time this year, at a time when IT teams are already under pressure from mass adoption of remote working and surging cyber crime.

The forthcoming Patch Tuesday, on 14 April, will see as many as 500 vulnerabilities released by the likes of Microsoft and Oracle, causing a phenomenon dubbed the ‘Fujiwhara effect’. Such a security event is ordinarily rare, with the last one before 2020 occurring in 2014. 

Advertisement - Article continues below

This year has been no stranger to coordinated bug fixes, with next Tuesday representing the second ‘Fujiwhara effect’ in 2020, according to Risk Based Security. This is in addition to a third event scheduled to hit on 14 July.

Such coordination of bug fixes poses a challenge for security teams, who must analyse and prioritise hundreds of disclosures before remediation can even begin.

This coming Tuesday may see as many as 300 to 500-plus fixes released, according to forecasts. This is significantly higher than average, with roughly 60 flaws published per day, normally.

This latest onslaught will also come at a time when employees have begun working from home en masse, and cyber criminals have been empowered by the COVID-19 pandemic to ramp up activity significantly.

Advertisement
Advertisement - Article continues below

“Even for large organizations, processing these new “Patch Tuesday” disclosures can take weeks, and that’s with a well-funded and coordinated team,” said Risk Based Security. “The hours required for IT security teams to collect, analyze, triage, and then address the coming vulnerabilities will be considerable.

Advertisement - Article continues below

“If there wasn’t enough going on already, organizations must somehow manage the coming Vulnerability Fujiwhara Effect despite the current business disruption and pressure on security budgets.”

The ‘Fujiwhara effect’ in meteorology is known as an extreme weather event in which two massive hurricanes collide or merge.

The last cyber security ‘Fujiwhara effect’ on 14 January, saw more than ten major software players participate, including Adobe, SAP, Schneider Electric, VMWare, Intel, as well as Oracle and Microsoft, among others.

The release of so many patches at once, numbering more than 300, saw IT and security teams across the world scramble to implement updates to their business-critical systems.

Among these fixes was a Microsoft-developed patch for an "extraordinarily serious" cryptographic flaw anchored in the crypt32.dll Windows component, with organisations like the US military given advanced access to the fix.

Winding forward some months, organisations are facing greater challenges than arguably ever before, in terms of the economy and the labour market, not to mention cyber security threats increasing significantly over the last few weeks. 

The UK’s National Cyber Security Centre (NCSC) this week issued a joint-warning with US cyber security authorities warning businesses of a surge in cyber criminal activity, most of which was attempting to exploit the coronavirus pandemic.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020